This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to alter local files through a vulnerability in the Windows Media Player 9 ActiveX control object.
The Windows Media Player ActiveX control is prone to a security weakness. The issue is that the control may be abused by a Web page to change attributes of media files (such as MP3). An attacker can influence attributes such as the artist, song name, or album name.
It appears that the issue may be exploited by using the setItemInfo() method offered by the control to change attributes of a media file. An exploit would either require the attacker to load their own media file in the browser control or to guess the name of an existing media file on the client computer.
It is possible to exploit this weakness to inject malicious script code into these attributes. If this issue is combined with a vulnerability that could force Internet Explorer to interpret the injected script code, it may be possible to execute malicious script code in the Local Zone. Such an attack would lead to execution of arbitrary code on computers that do not have this Zone locked down.
This issue is reported to affect Windows Media Player 9. It reportedly does not work on computers running Windows XP SP2 when the attack is executed from a remote source. This is likely due to additional browser security measures in Windows XP SP2.
- Microsoft Windows Media Player 9.0
This issue has been reportedly addressed in Windows Media Player 10. Symantec has not confirmed this.